Encryption Standards for data-in-transit and data-at-rest

Encryption details below:

  • In transit is TLS v. 1.2 with AWS's 2021 recommended ciphers.
  • Encrypted payload from cloud connector (within the TLS channel) uses AES-256 w/ customer encryption key.
    Each customer gets their own encryption key for in-transit encryption.
  • Same AES-256 encrypted payload is at rest (outside of the TLS channel) in S3, where the bucket is AES-256 encrypted with a different Clumio-managed encryption key.
  • Customer encryption keys are rotated every 30 days.